Archive for the ‘Switching’ Category

Troubleshooting a Cisco 6500 crash

March 10, 2010

I was asked recently to share some knowledge about the support of Cisco 6500 switches, as the information available on the DOC-CD can be fairly overwhelming.

As it happens, a client's Cisco 6509 switch fell over yesterday. I was called out to address the issue of the Cisco 6509 that decided it was tired of life by rebooting itself. I'll go through some of the steps I took to find the root cause. Obviously the steps listed here will not find the cause of every possible issue with a 6500 switch, but they can be used as a guideline.

Usually the first thing I would do is to check the reason for the reboot with a “sh version”. Look at the highlighted lines (the “System returned to ROM by” line in the output below).

ndcbbnpendc0103#sh ver
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Mon 18-Sep-06 23:32 by tinhuang
Image text-base: 0x40101040, data-base: 0x42D90000

ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)

ndcbbnpendc0103 uptime is 3 hours, 23 minutes
Time since ndcbbnpendc0103 switched to active is 3 hours, 22 minutes
System returned to ROM by s/w reset at 00:14:27 PDT Wed Sep 20 2006 (SP by bus error at PC 0x402DC89C, address 0x0)
System restarted at 09:13:44 ZA Wed Mar 10 2010
System image file is "disk0:s72033-adventerprisek9_wan-mz.122-18.SXF6.bin"

It is clear that the switch did a software reset caused by a ‘bus error at PC 0x402DC89C, address 0x0’.
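
As an added example (not code from the original post), here is a small Python parser that pulls the reset reason out of “show version” text like the output above, so that crash triage across many switches can be scripted instead of read by eye. It separates an administrative reload or power-on from a crash and, on a 6500, reports which processor (SP or RP) took the exception; the function and field names are my own.

```python
import re

# "show version" lines copied from the post above; constructed input for
# this example (only the lines the parser needs).
SH_VER = """\
ndcbbnpendc0103 uptime is 3 hours, 23 minutes
System returned to ROM by s/w reset at 00:14:27 PDT Wed Sep 20 2006 (SP by bus error at PC 0x402DC89C, address 0x0)
System restarted at 09:13:44 ZA Wed Mar 10 2010
"""

# Shape of the line: "System returned to ROM by <how>[ at <when>][ (<detail>)]"
RESET_RE = re.compile(
    r"^System returned to ROM by (?P<how>.+?)"
    r"(?: at (?P<when>[^(\n]+?))?(?: \((?P<detail>[^)]*)\))?$",
    re.M,
)
# Crash detail on a 6500: "[SP|RP ]by <kind> at PC 0x...[, address 0x...]"
CRASH_RE = re.compile(
    r"(?:(?P<proc>SP|RP) )?by (?P<kind>.+?) at PC (?P<pc>0x[0-9A-Fa-f]+)"
    r"(?:, address (?P<addr>0x[0-9A-Fa-f]+))?"
)

def parse_reset_reason(text):
    """Summarise why the box last returned to ROM.

    Returns None when the line is absent, else a dict with:
      how   - plain reason (power-on, reload, s/w reset, ...)
      when  - timestamp string as IOS printed it, or None
      crash - True when a crash detail with a PC is present
      proc  - which processor crashed (SP/RP on a 6500), or None
      kind  - exception type (bus error, ...), or None
      pc    - faulting program counter as an int, or None
      addr  - faulting data address as an int, or None
    """
    m = RESET_RE.search(text)
    if not m:
        return None
    info = {"how": m.group("how"), "when": m.group("when"), "crash": False,
            "proc": None, "kind": None, "pc": None, "addr": None}
    c = CRASH_RE.search(m.group("detail") or "")
    if c:
        info.update(crash=True, proc=c.group("proc"), kind=c.group("kind"),
                    pc=int(c.group("pc"), 16),
                    addr=int(c.group("addr"), 16) if c.group("addr") else None)
    return info

if __name__ == "__main__":
    print(parse_reset_reason(SH_VER))
```

For the output above this yields a crash on the SP with a bus error at PC 0x402DC89C while accessing address 0x0, which is the detail to take to the crashinfo file and to Cisco TAC.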

CCIE Switching Study Guide

December 10, 2009

This chapter provides a clear insight into the concise content of each technology section covered in Short-Notes V4.

Short-Notes is the definitive CCIE R&S Study guide.

Feel free to download, but please let me know your views and comments: blog@ru.co.za. Alternatively, please rate this post (click on the title, then rate below). :)

Switching Short-Notes

Cisco Data Centre Design and Deploy Workshop

October 16, 2009

I attended the Cisco Data Centre workshop over the past two days at Monte Casino. With a huge attendance and both local and international speakers, one thing is for sure: the focus of technology and cabling around Data Centres is evolving, and Cisco is leading the way as usual with Data Centre 3.0.

Key concepts discussed:

  • Cabling Reduction
  • No STP
  • Unify, Simplify, Amplify
  • Virtualization
  • Unified Fabric Advantages
  • Cloud Computing
  • Unified Computing

Some of the biggest issues with data centres today, besides hitting scalability constraints, are the excess cabling, the power required per port, the overall cost and unwanted complexity. According to Cisco, by redesigning the Data Centre architecture from the ground (the cabling) up, utilizing 10 Gigabit cabling options, doing away with Spanning-tree in order to utilize ALL uplinks simultaneously, using Top-of-Rack fabric extenders and Middle-of-Row aggregation points, and with the power of Cisco's UCS implementation, you will be able to streamline the layout, cost, power demands, sustainability and scalability.

Obviously it wouldn't be a Cisco event if there was no hardware talk, err I mean sales talk. The guests of the conference were the Cisco Nexus range of Data Centre switches (the Nexus 1000V Switch, Nexus 2000 Series Fabric Extenders and Nexus 5000 and 7000 Series Switches) and lastly UCS (Unified Computing System).

Here are some of the links with more info:

Cisco Data Centre Info

Unified Computing

Cisco IP Data Centre Design

R&S Quick Notes – Switching

May 18, 2009

With the insane amount of theory to go through before the big day comes, it is only normal for a couple of items to get lost in the masses. On top of that, regardless of the material you used to study, you are bound to come across a couple of small things that you have not seen before. Apart from my 400 pages of everything there is to know for the R&S, I took the time to compile, format and index a book of my CCIE R&S short notes. While compiling all my notes, labbing, and reading the Cisco DOC and other blogs, I made a shorter list of the most important tidbits and any beeg gotchas to look out for on the big day.

Hope these help some of you :)

Switching Notes

  • If the VTP domain names differ between 2 switches, you can't use DTP. You must use manual trunking.
  • When configuring 802.1x, DO NOT forget to add “aaa authentication login default none”, else you might lock yourself out of the switch and forfeit any points related to that switch.
  • Always confirm your MD5 digests are the same when configuring VTP PASSWORDS, with “sh vtp status”.
  • To enable WCCP on a 3550, you have to change the SDM template to ‘extended-match’.
  • STP Timers question-1: Change the STP timers so that a port initially comes up in 44 sec. Answer: Blocking is always 20 sec, (44-20 = 24, /2) so each of the listening and learning timers should be configured at 12 sec.
  • STP Timers question-2: Change the STP timers so that, in the event of convergence, the delay is no more than 20 sec. Answer: (20/2) each of the listening and learning timers should be configured at 10 sec.
  • MAC-ACL's will only match NON-IP traffic. A 3560 sees IPv6 traffic as IP traffic, but a 3550 sees IPv6 traffic as NON-IP traffic, so a 3550 can use a MAC-ACL for IPv6 traffic.
  • Ethertypes used with MAC-ACL's that are not on the DOC-CD/CMD-Help:

- 0x0806 : IP ARP
- 0x0800 : IPv4
- 0x86DD : IPv6
- 0x4242 : CST (Common Spanning Tree)
- 0xAAAA : All Cisco proprietary (VTP, STP, CDP, DTP, UDLD, PAgP)
- 0xFFFF : all NON-IP

  • VLAN-ACL's: ONLY an ACL permit performs the “forward”/“drop” function in the access-map. An ACL deny will be ignored. So to deny traffic with VLAN ACL's, permit the traffic in the ACL and use a “drop” action in the access-map.
  • Storm-Control: the multicast amount must be equal to or greater than the broadcast amount.
  • UplinkFast: used when a direct link failure is detected.
  • BackboneFast: used to detect an indirect link failure.
  • Root Bridge Election: 1-Lowest Bridge-ID (Priority [32768] + Sys-Id-Ext [=vlan]) & 2-Lowest MAC
  • Root Port Election: 1-Lowest cost to Root, 2-Lowest upstream Bridge-ID, 3-Lowest Port-ID (Port Priority + Port Number)
  • Influencing the local Root Port election – change the Port Cost.
  • Influencing the Root Port of a directly connected downstream switch – change the Port Priority.

IP OSPF mtu-ignore alternative

April 6, 2009

I came across a command that I think would make a great CCIE lab question.

Assume you're busy with the lab, and previously a task in the switching section required you to do a dot1q tunnel, where you had to change the SYSTEM-MTU on SW1 to 1504. No beegy.
But you're now at the OSPF section, where you have to set up OSPF between R1 and SW1, BUT with the following restriction:
(you are not allowed to use the mtu-ignore command)

The usual fix on R1's interface is prohibited:
#interface Fa0/0
#ip ospf mtu-ignore

Hmmm, now what? R1 won't form an adjacency with SW1, due to the MTU mismatch. We obviously can't change the SYSTEM-MTU on SW1, because that would break a previous question.

Typical behaviour when you have an OSPF MTU mismatch is the neighbor state machine reaching EXSTART, retrying and eventually giving up.
We can see this on R1 if we do a “debug ip ospf adj”.

Per-Port Per-Vlan alternative

November 13, 2008

I had an interesting issue yesterday. I needed to classify a client's Internet traffic with specific DSCP values to bypass our Net-Caches. The first problem I ran into: the client was basically directly connected to our core infrastructure, sitting behind a Fortigate firewall, so there was no place for DSCP classification. The Fortigate's outside interface connects to a 3750 shared-hosting switch and that connects into our core. An unusual setup.

At first I thought it should be easy enough to classify the client's traffic on a Per-Port, Per-Vlan basis, only to find out the 3750 has a standard image, one that doesn't support “match vlan”. Keep in mind about 80-odd clients are connected through the switch via different vlans, so an image upgrade was not an option.

A very basic diagram of the setup:

To get around the above issue, I configured a nested policy and tied it to the SVI interface for their vlan, thus only doing classification for this client and no-one else.

Troubleshooting Vlan Issues

November 5, 2008

There are many ways to troubleshoot VLAN issues, and although this article is not meant to replace an understanding of conventional switching and vlan issues and how to troubleshoot them, this approach will certainly come in handy.

I make use of this a lot in our large data centres, and it is often enough to isolate the problem to a single link or trunk.

For illustration purposes, suppose the following really basic scenario:

Router1's Ethernet interface can't ping R4's Ethernet interface in subnet 10.1.0/24.

Output-101: Cisco 3560 feature set upgrade

October 29, 2008

Error: The image in the archive which would be used to upgrade
Error: system number 1 does not support the same feature set.

It seems Cisco included this sanity check, as of 12.2(35), to prevent you from accidentally changing the feature set during an IOS upgrade, which is not a nice thing to have happen on a production switch when things go belly up.

You will get the above error when upgrading the IOS and changing the feature set at the same time, i.e. if you upgrade the image from IPBASE 12.2(35)SE5 to ADVIPSERVICESK9 12.2(25)SEE4.

So to bypass this, you can add the /allow-feature-upgrade parameter to the archive download-sw command.

Example :

#archive download-sw /overwrite /allow-feature-upgrade tftp://10.1.1.1/c3560-advipservicesk9-tar.122-25.SEE4.tar

If you need more info on how to upgrade the IOS on a Cisco 3560, visit Cisco.